[jboss-jira] [JBoss JIRA] (SECURITY-721) SPNEGO fallback to FORM based login has issues with user roles
Darran Lofthouse (JIRA)
issues at jboss.org
Tue Aug 21 08:14:02 EDT 2018
[ https://issues.jboss.org/browse/SECURITY-721?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Darran Lofthouse reassigned SECURITY-721:
-----------------------------------------
Assignee: (was: Darran Lofthouse)
> SPNEGO fallback to FORM based login has issues with user roles
> --------------------------------------------------------------
>
> Key: SECURITY-721
> URL: https://issues.jboss.org/browse/SECURITY-721
> Project: PicketBox
> Issue Type: Bug
> Components: Negotiation
> Affects Versions: Negotiation_2_2_1
> Reporter: Tom Fonteyne
>
> A standard setup of EAP 6.0.1 (containing nego 2.2.1) for SPNEGO with FORM fallover has issues in the third set of the toolkit tests.
> 10:54:47,378 ERROR [org.apache.catalina.core.ContainerBase.[jboss.web].[default-host].[/jnt-eap6].[Secured]] (http-orac.usersys.redhat.com/10.33.1.221:8080-2) Servlet.service() for servlet Secured threw exception: java.lang.NullPointerException
> at org.jboss.security.negotiation.toolkit.SecuredServlet.doGet(SecuredServlet.java:88) [classes:]
> The failing line being:
> List<Role> roles = info.getRoles().getRoles();
> I backported the extra lines from the toolkit to the one meant for EAP 5.x and there the above line works fine.
> The fact that the servlet is called does mean that JBoss received the correct roles, hence it's not clear whether that particular toolkit line is any issue for the general public.
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)